diff --git a/include/cyassl_int.h b/include/cyassl_int.h
index c1abb8ba2..d93d54946 100644
--- a/include/cyassl_int.h
+++ b/include/cyassl_int.h
@@ -619,7 +619,7 @@ void SSL_CtxResourceFree(SSL_CTX*);
 int DeriveTlsKeys(SSL* ssl);
 int ProcessOldClientHello(SSL* ssl, const byte* input, word32* inOutIdx, word32 inSz, word16 sz);
-int AddCA(SSL_CTX* ctx, buffer der, SSL*);
+int AddCA(SSL_CTX* ctx, buffer der);
 int IsCA(SSL_CTX* ctx, byte* hash);
 
 /* All cipher suite related info */
@@ -983,7 +983,6 @@ struct SSL {
 #endif
     Hashes verifyHashes;
     Hashes certHashes; /* for cert verify */
-    Signer* caList; /* SSL_CTX owns */
     Buffers buffers;
     Options options;
     Arrays arrays;
diff --git a/src/cyassl_int.c b/src/cyassl_int.c
index b1b71cb0d..9c5966de8 100644
--- a/src/cyassl_int.c
+++ b/src/cyassl_int.c
@@ -705,7 +705,6 @@ int InitSSL(SSL* ssl, SSL_CTX* ctx)
     ssl->buffers.key = ctx->privateKey;
     ssl->buffers.weOwnCert = 0;
     ssl->buffers.weOwnKey = 0;
-    ssl->caList = ctx->caList;
 
 #ifdef OPENSSL_EXTRA
     ssl->peerCert.issuer.sz = 0;
@@ -1450,7 +1449,7 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx)
 
         InitDecodedCert(&dCert, myCert.buffer, ssl->heap);
         ret = ParseCertRelative(&dCert, myCert.length, CERT_TYPE,
-                                !ssl->options.verifyNone, ssl->caList);
+                                !ssl->options.verifyNone, ssl->ctx->caList);
         if (ret == 0 && !IsCA(ssl->ctx, dCert.subjectHash)) {
             buffer add;
             add.length = myCert.length;
@@ -1462,9 +1461,13 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx)
                 return MEMORY_E;
             XMEMCPY(add.buffer, myCert.buffer, myCert.length);
 
-            ret = AddCA(ssl->ctx, add, ssl);
+            ret = AddCA(ssl->ctx, add);
             if (ret == 1) ret = 0; /* SSL_SUCCESS for external */
         }
+        else if (ret != 0)
+            CYASSL_MSG("Failed to verify CA from chain");
+        else
+            CYASSL_MSG("Verified CA from chain and already had it");
 
         if (ret != 0 && anyError == 0)
             anyError = ret; /* save error from last time */
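Review bot: The ParseCertRelative call in the -1450 hunk now walks `ssl->ctx->caList` without holding `ca_mutex`, while the src/ssl.c hunk at -364 prepends to that same list only under `LockMutex(&ca_mutex)`; the identical unlocked read appears in the -1482 hunk for the peer cert. The old per-SSL copy was equally unsynchronized, so this is not a regression, but with the `ssl->caList` snapshot gone every handshake reads the shared head directly, and AddCA is itself invoked from this loop on the shared `ssl->ctx`, so presumably two connections on one context can race a prepend against a traversal. If contexts are meant to be shared across threads, either take `ca_mutex` around the ParseCertRelative calls or state the restriction; at minimum a comment such as `/* ctx->caList is read unlocked here; AddCA prepends under ca_mutex */` above the call. DoCertificate's body starts and ends outside the hunk.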
@@ -1482,7 +1485,9 @@ static int DoCertificate(SSL* ssl, byte* input, word32* inOutIdx)
 
         InitDecodedCert(&dCert, myCert.buffer, ssl->heap);
         ret = ParseCertRelative(&dCert, myCert.length, CERT_TYPE,
-                                !ssl->options.verifyNone, ssl->caList);
+                                !ssl->options.verifyNone, ssl->ctx->caList);
+        if (ret != 0)
+            CYASSL_MSG("Failed to verify Peer's cert");
         ssl->options.havePeerCert = 1;
         /* set X509 format */
 #ifdef OPENSSL_EXTRA
diff --git a/src/ssl.c b/src/ssl.c
index 6131a4145..b17fd0378 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -335,7 +335,7 @@ Signer* GetCA(Signer* signers, byte* hash)
 
 
 /* owns der, cyassl_int now uses too */
-int AddCA(SSL_CTX* ctx, buffer der, SSL* ssl)
+int AddCA(SSL_CTX* ctx, buffer der)
 {
     word32 ret;
     DecodedCert cert;
@@ -364,8 +364,6 @@ int AddCA(SSL_CTX* ctx, buffer der, SSL* ssl)
     if (LockMutex(&ca_mutex) == 0) {
         signer->next = ctx->caList;
         ctx->caList = signer; /* takes ownership */
-        if (ssl)
-            ssl->caList = ctx->caList;
         UnLockMutex(&ca_mutex);
     }
     else
@@ -719,7 +717,7 @@ int AddCA(SSL_CTX* ctx, buffer der, SSL* ssl)
 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
 
     if (type == CA_TYPE)
-        return AddCA(ctx, der, ssl); /* takes der over */
+        return AddCA(ctx, der); /* takes der over */
     else if (type == CERT_TYPE) {
         if (ssl) {
             if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
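Review bot: The added `if (ret != 0)` after the peer-cert ParseCertRelative in the -1482 hunk only logs; within the hunk `ret` is not recorded in `anyError` the way the chain loop in the -1462 hunk does (`if (ret != 0 && anyError == 0) anyError = ret;`), and `ssl->options.havePeerCert = 1` is set on the very next line regardless of the parse result. If the failure is acted on further down in DoCertificate that is fine, but the hunk does not show it; otherwise a peer cert that fails to verify would be marked present with only a debug message. Consider saving the error alongside the message or adding a comment stating where the peer's `ret` is consumed. DoCertificate's body continues outside the hunk.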
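Review bot: The header comment on AddCA in the -335 hunk still reads `/* owns der, cyassl_int now uses too */` and does not state the contract the callers in this commit rely on: the DoCertificate hunk at -1462 maps a return of 1 to 0 (`if (ret == 1) ret = 0;   /* SSL_SUCCESS for external */`), and the -364 hunk links the signer onto `ctx->caList` under `ca_mutex`, so with `ssl->caList` removed the trust list is now strictly per context and shared by every connection on it. Suggest expanding the comment to say that AddCA takes ownership of `der.buffer`, links a verified signer onto the shared `ctx->caList` under `ca_mutex`, and returns 1 on success; the failure return values are not visible in the hunk and should be named there once confirmed. AddCA's body continues outside the hunk.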